Tag: Scams

November 2, 2023

Beware of Scammers Posing as Bank Employees

Hacker, malware notification on mobile phone. Smartphone with hacker alert, spam data on cellphone fraud error message, scam, virus. Flat vector illustration.
Hacker, malware notification on mobile phone. Smartphone with hacker alert, spam data on cellphone fraud error message, scam, virus. Flat vector illustration.

There are resurging scams targeting bank customers that we want to bring to your attention. The scams were initiated differently; however, their ultimate goal was the same – to get to your hard-earned money. In one instance, the customer received a text message stating that their Apple ID had been compromised and that the customer needed to call the number provided in the text to resolve the issue. In a different case, the customer’s computer screen displayed a black screen with a message from “Microsoft” prompting the customer to call the number provided on the screen in order to repair their computer.

When the customer calls the number, the scammer informs them that their bank account had been compromised and they are asked to provide their debit card number along with other identifying information. After obtaining the information, the customer is transferred to the bank’s supposed fraud department where a different scammer informs them that their money is not safe due to a compromise by bank staff. The customer is advised to immediately withdraw their money. The scammers actually stay on the phone while the customer conducts the withdrawal and then direct them to deposit the cash at a specific bitcoin ATM in order to “keep it safe”.

Please keep the following red flags of common tech support/cryptocurrency scams in mind to avoid being the next victim:

  • You receive an unsolicited phone call, text message, email, or a pop-up prompt noting that your computer is compromised.
  • You are asked to call an unknown number, or are automatically transferred, for further support.
  • You are asked to provide additional information about yourself.
  • You are asked to provide access to your computer or for you to perform certain actions on your device, such as downloading software or going to a specific website.
  • You are instructed not to disclose to bank personnel the reason for the cash withdrawal.
  • They shift the conversation from the initial topic (e.g. device issue to compromised bank account).
  • You are asked to withdraw a large sum of money and deposit it into a different account not owned by you (e.g. bitcoin ATM) in order to keep the money safe.
  • You are asked to pay in cryptocurrency for services. No legitimate business is going to demand that you send your payment in cryptocurrency.

Remember to only use known contact information when calling the bank or any other business. If you are uncertain of the legitimacy of the call, immediately hang up and call the bank using a verified contact number. Never call or respond to a number that was initially provided. In addition, be cautious of depositing your money into cryptocurrency ATMs.

To learn more about tech support or cryptocurrency scams, visit the Federal Trade Commission Consumer Advice site: https://consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams or https://consumer.ftc.gov/articles/what-know-about-cryptocurrency-and-scams.

Report fraud to the Federal Trade Commission: https://reportfraud.ftc.gov

As always, River City Bank is here for you. Should you have any questions about your personal or financial information or fear you may be a victim of a financial scam, reach out to our Customer Service Team at (916) 567-2899 or (800) 564-7144 or by email at [email protected].

September 6, 2023

Avoiding a Cyber-Attack

""
""

Cyber-attacks are a growing and significant concern for small and medium-sized businesses (SMBs). Despite the common misconception that hackers only target behemoths, SMBs make increasingly attractive prey. In fact, certain types of attacks, like phishing, are much more commonly aimed at SMBs. It is critical to both (1) institute best practices to minimize the chance of experiencing a cyber-incident, and (2) take measures now to minimize the potential damage in the event a cyber-incident does occur.

“Fifty percent of SMBs have been the victims of a cyber-attack and over 60% of those attacked go out of business.”

Dr. Jane LeClair
Chief Operating OfficerNational Cybersecuity Institute

Avoiding a Cyber-Attack

Cyber-attacks are a permanent and persistent threat to your organization, and there is no way to entirely remove that risk. However, by implementing cybersecurity controls, you can minimize the probability of a successful cyber-attack.

  • Keep your software, applications, web browsers, and operating systems up-to-date. Set updates to occur automatically. Do not use software that is no longer supported by the vendor.
  • Know where your important data is located. Secure your physical and electronic files. Ensure important files and systems are encrypted and regularly backed up. Perform periodic back up data recovery tests.
  • Require strong passwords, or passphrases which are longer and more complex than passwords, on all your applications and devices. Use a password manager to securely store all passwords.
  • Have formal policies and procedures for safeguarding data and systems.
  • Use Multi-Factor Authentication (MFA) wherever possible. MFA reduces risks associated with compromised passwords.
  • Enforce strong security standards before employees or vendors connect to your network.
  • Create a culture of security. Conduct employee information security awareness training consistently. Training should include common attacks and tactics used by cyber-criminals (such as social engineering, phishing, etc.). Refer to the FTC factsheets on Phishing, Ransomware, Business Email Imposters, and Tech Support Scams for additional information on training topics.
  • Know your vendors. Your vendors are ultimately your responsibility, and software supply chain risk is often an overlooked area of cyber risk. Review your software vendor contracts to understand what the vendor will be responsible for in the event that your business is affected by a cyber- incident, such as a supply chain attack. This also includes confirming your vendor’s own processes for overseeing subcontractors and managing risks. In addition, periodically conduct risk assessments for third-party relationships.

37% of companies hit by ransomware had fewer than 100 employees.

Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.

In 2020 alone, there were over 700,000 attacks against small businesses, totaling $2.8 billion in damages.

80% of all hacking incidents involve compromised credentials or passwords.

95% of cybersecurity incidents at SMBs cost between $826 and $653,587.

Limit the Damage of a Cyber-Attack

It is not a matter of if you will experience a cyber-incident, but when. Even with best practices to minimize the probability of a cyber-incident occurring, the risks are increasing and are difficult to avoid. It is important to take steps now to prepare and minimize the potential impact of a cyber-incident.

  • Defensible Space. Implement layered defenses to increase prevention, detection, and response capabilities. Consider building a “Zero Trust” security framework that requires all users to be authenticated and authorized before access to any applications/data is granted.
  • Cyber Insurance. Cyber insurance is one option that can minimize incurred costs in the event of a cyber incident. Review your cyber insurance to understand the policy coverage. Refer to the FTC Cyber Insurance factsheet for additional information cyber insurance.
  • Business Continuity Plan/Disaster Recovery (BCP/DR). Have a plan, and test it. Having a BCP/DR process in place prior to a cyber incident is crucial for a successful and expeditious recovery. Consider having incident response services (e.g. law firm, forensic specialist, ransomware negotiator, etc.) on retainer in the event of a cyber incident. Refer to the FCC Cybersecurity Planner and FTC Data breach Response Documents for additional information on BCP/DR preparation.

The FTC offers factsheets which provide additional information on the topics reviewed.

  • FTC Vendor Security factsheet has additional information on vendor security.
  • FTC Cybersecurity Basics factsheet and the FCC Cybersecurity Planner offers additional information on cybersecurity controls.
  • FCC Cybersecurity Planner and FTC Data Breach Response documents provide information for Business Continuity and Disaster Recovery preparation.
  • FTC Cyber Insurance factsheet has more details on cyber insurance.

Links to these factsheets can be found below:

FTC Cybersecurity Factsheets:
https://www.ftc.gov/business-guidance/small-businesses/cybersecurity

FCC Cybersecurity Planner:
https://www.fcc.gov/cyberplanner

CISA Cyber Resilience Review:
https://www.cisa.gov/uscert/resources/assessments

DHS Vulnerability Scans:
https://www.cisa.gov/cyber-hygiene-services

Free Cybersecurity Services and Tools:
https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools

FTC Data Breach Response:
https://www.ftc.gov/system/files/documents/plain-language/pdf-0154_data-breach-response-guide-for-business-042519-508.pdf

June 29, 2023

How to Protect Yourself from Automated Clearing House (ACH) Fraud

Conceptual illustration of automated clearing house fraud
Conceptual illustration of automated clearing house fraud

ACH fraud occurs when unauthorized transactions are electronically posted to your account. It is on an exponential rise and starts with just two things: Your business checking account number and a routing number. These two pieces of information are all cybercriminals need to attempt a fraudulent ACH transaction.

According to the Association for Financial Professionals’ (AFP) latest Payments Fraud and Control Survey Report, fraud perpetrators are targeting ACH payment methods more frequently than check and wire transfers. As ACH transactions are typically considered safer and more difficult to compromise, the increased focus on ACH transactions suggests that fraudsters are acquiring more sophisticated techniques when targeting organizations.

Fortunately, there are steps you can take to guard against ACH fraud:

  1. Monitoring your bank account regularly for unauthorized transactions is one of the best ways to notice potential ACH fraud. Set up account alerts to immediately notify you of any suspicious activity. If you see a fraudulent transaction, report it to your Bank immediately.
  2. Use ACH Positive Pay. For businesses, this is a service allowing users to review unexpected incoming debits before they’re cleared to post in the bank account.
  3. Use a secure payment gateway. A secure payment gateway is one of the best ways to prevent ACH fraud. It will encrypt your account information and protect it from unauthorized access.
  4. Install anti-virus and malware software and keep it up to date. Staying safe online is an ongoing effort, and one of the simplest yet most effective ways to do so is to remain vigilant and keep your devices updated with the latest software. These software updates frequently come with software patches that fix security gaps and prevent a potential hacking effort across multiple logged-in devices. These patches keep one’s device secure and protect it from software holes that give hackers easy access to multiple devices and the data stored within them.
  5. Be smart when creating passwords. Using secure passwords and PINs to secure your devices is one of the most essential steps taken while using multiple devices. It goes without saying that one must always use different passwords for different devices. Use strong passwords that can’t easily be guessed or decoded using brute force. Only store credentials in official password managers to keep everything secure.
  6. Make sure websites are secure. A secure URL should begin with “https” rather than “http.” The “s” in “https” stands for secure, which indicates that the site is using a Secure Sockets Layer (SSL) Certificate. This lets you know that all your communication and data are encrypted as it passes from your browser to the website’s server; however, this doesn’t mean that you are connecting to the correct website. Double check the URL to ensure you are going to the correct and intended website.
  7. Keep your firewall turned on. A firewall helps protect your computer from hackers who might try to access your system to steal your information. Always keep your firewall turned on and up-to-date.
  8. Stay Educated. Stay Protected. Being vigilant is crucial to being more digitally secure. The best way to do this is to stay updated with the latest developments and be aware of the tactics implemented by those looking to compromise multiple systems. This can also help one spot potential risks and mitigate them before the need arises.
  9. Verify payment requests. If you receive a payment request, make sure to verify the request before sending any money. Verify the requestor’s identity and ensure you understand the payment’s purpose. If you have any doubts, contact the requestor using a known and verified contact.
  10. Don’t click on links and open attachments in suspicious emails. If you receive an email from a sender you don’t know, or if the email looks suspicious, don’t click on any links or open any attachments. They can be malicious and lead you to a website that will steal your information or compromise your device
  11. Refrain from trusting a sense of urgency. Scammers often try to create a sense of urgency to get you to act quickly. Don’t let yourself be pressured into making a decision; take the time to verify any payment requests.

When it comes to preventing ACH fraud, it takes a village. We can only win this battle by implementing various layers of internal controls throughout the funds transfer process. If you believe you or your business is a victim of ACH fraud, contact us immediately to halt additional fraudulent transactions. Also, consider reporting the incident to law enforcement, which helps your business and others avoid similar fraud attempts.

Should you have any questions regarding your personal or financial information at the Bank, please do not hesitate to contact a Customer Service Representative at (916) 567-2899 or (800) 564-7144 or by email at [email protected].

March 31, 2022

LinkedIn phishing scams increase 232% since February

LinkedIn-image

Phishing attacks impersonating emails from LinkedIn have grown 232% since the start of February. The increase is likely related to more people looking for jobs, switching companies, or recruiting for open positions, thus making people more likely to click on emails from LinkedIn.

We have all received emails from LinkedIn saying things such as “You appeared in 4 searches this week,” “You have 1 new message,” and “Your profile matches this job.” Cybercriminals use email addresses with a LinkedIn display name to send fake emails with the same subject lines. In addition, the emails are branded with the LinkedIn logo, brand colors, and icons. To make the phishing attack more convincing, criminals use other well-known organizations’ names, including American Express and CVS.

The branded email templates lure victims to click on phishing links and enter their credentials into fraudulent websites. The hope is the credentials can be used for other websites that contain sensitive information.

What can you do to protect yourself?

  • Go directly to the LinkedIn website – To check messages and get updates, type in the full LinkedIn URL in your internet browser.
  • Slow down and review links – Hover over links to verify they direct you to the correct website.
  • Turn on two-step verification – Review your LinkedIn profile Settings & Privacy page. Turn on the two-step login verification system.
  • Report suspicious messages – LinkedIn encourages members to report suspicious messages to their help center.  This helps their team identify scams and better secure the platform.

For more information on cyber security and protecting your personal and financial information, visit our Safety and Security page.

December 20, 2021

New TSA PreCheck Scam Seeks to Collect Your Personal and Credit Card Details

By Stu Sjouweman, Founder and CEO | KnowBe4.

TSA-Precheck-Area

Doing one of the best jobs impersonating a website ever seen, this new scam attempts to take those renewing or initially signing up through a believable process that most would fall for.

Most of the time, impersonation scams take you to a “website” that’s more than a single web page designed to look like the logon page of the impersonated brand. But a new scam centered around registering for or renewing with TSA PreCheck takes the impersonation website to an entirely new level.

According to security researchers at Abnormal Security, this new scam starts out as wonky as most phishing scams with an email that doesn’t quite feel like it’s really from the TSA:

TSA-PreCheck-Scam-Email

But where it gets interesting is when potential victims click the link and are taken to a pretty believable TSA registration site:

TSA-PreCheck-Scam

According to Abnormal Security, the scammer went through the trouble of not just collecting the salient personal details they can misuse later, but went as far as to ask nearly all the same questions found in the actual application. And unlike most scams, they are attempting to take your credit card where payment is solicited for up front. This scam takes “payment” when it normally would – at the end of the process.

This scam is one of the reasons KnowBe4 exists – to educate users through effective Security Awareness Training so they won’t be fooled by these kinds of scams. The sender email address and email copy are dead giveaways – something well-trained users will spot a mile away, avoiding the scam all together.

To view more security articles, visit KnowBe4’s Security Awareness Training blog at https://blog.knowbe4.com/.

September 29, 2021

Security Alert – Phishing URLs

Phishing URL

Unfortunately, phishing scams are not going away.  The use of business email compromise, smishing or text scams, and ransomware scams are still prevalent. However, the use of Phishing URLs has seen a sharp increase over the past year. Reported cases in April 2021 nearly tripled that of April 2020; 28,000 cases to over 63,000 cases.

Phishing URLs affect both businesses and consumers. This type of scam can generally be attributed to the increase in remote workers and the heavy use of convenient online services such as banking, shopping, and bill pay.

What is a Phishing URL?

A Phishing URL is a website domain or URL that appears to be the official website but has a slight variation. At a glance, the website address seems to be legitimate; however, it takes you to a different website. The scam website can mirror the legitimate website’s homepage, making this type of scam tricky for consumers and highly effective for criminals.

Examples of Phishing URLs:

  • Legitimate website URL: www.rivercitybank.com
  • Phishing URLs: www.river-citybank.com; www.rivercitybanking.com; www.river-city-bank.com
  • Legitimate URL: www.irs.gov
  • Phishing URLs: www.irs.org; www.irs.com; www.internalrevservice.gov

 

How Can You Avoid Phishing URLs?

  • Confirm the URL: Double and triple-check the website address before entering any credentials or clicking on links within the website.
  • Bookmark Frequently Used Sites: Use the bookmark or favorite’s functions to save frequently visited sites instead of conducting a web search each time. The bookmark will save the legitimate site, thus mitigating the risk of clicking on a Phishing URL.

For more information on cybersecurity, visit the River City Bank Safety and Security page.

March 29, 2021

Beware of COVID-19 Vaccine Scams

" "

With the COVID vaccine rollout, scammers have found new ways to take advantage of the pandemic and the confusion around when, how, and where people can sign for and receive the vaccine. Below are common scams and tips you can use to avoid falling for a COVID vaccine scam.

  • Don’t pay to sign up for the COVID vaccine. Anyone who asks for payment to put you on a list, make an appointment for you, or reserve a spot in line is a scammer.

  • You can’t pay to get early access to the vaccine. Beware of emails, letters, or calls stating that you can pay to gain early access to the vaccine.

  • Do you use Medicare? If so,you don’t have to pay to get the COVID-19 vaccine. Beware of emails, letters, or calls that tell you otherwise. Contact your medical care provider for clarification.

  • Ignore sales ads for the vaccine. The vaccine is not available for purchase. It’s only available at federal- and state-approved locations.

  • Nobody legit will call, text, or email about the vaccine and ask for your Social Security, bank account, or credit card number. Access to the vaccine is not tied to releasing your personal or financial information.

When in doubt, contact your medical care provider for information on when, how, and where you can receive the vaccine. Stay alert and be vigilant when reading emails, letters and taking phone calls, and never give your personal or financial information. For details on recent identity theft and fraud scams or to report a possible scam, visit the Federal Trade Commission www.ftc.gov.

December 23, 2020

Freezing Your Credit

Close up of credit cards frozen in a block of ice

What is a credit freeze?

Also known as a security freeze, a credit freeze is a tool that lets you restrict access to your credit report, making it more difficult for identity thieves to open new accounts in your name. Most creditors need to see your credit report before they approve a new account, if they can’t review your report, they may not extend the credit. A credit freeze gives you more control over the release of your financial information.

Does a credit freeze affect my credit score?

No. A credit freeze does not affect your credit score. A credit freeze also does not prevent the following:

  • Prevent you from getting a free annual credit report
  • Keep you from opening a new account. To open a new account, you’ll need to lift the freeze temporarily. You can lift the freeze or thaw credit anytime you need to access your credit.
  • Prevent a criminal from making charges to your existing accounts. You still need to monitor all bank, credit card, and insurance statements for fraudulent transactions. We recommend that you monitor your accounts daily.

Is there a cost to freeze/unfreeze my credit?

No.

How do I place a freeze on my credit reports?

You need to contact each of the nationwide credit bureaus. You will need to supply your name, address, date of birth, Social Security number, and other personal information. After receiving the freeze request, each credit bureau will provide you with a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

Equifax

Freeze your Equifax credit report
(800) 685-1111

Experian

Place a security freeze through Experian
888-EXPERIAN | (888) 397-3742

TransUnion

Freeze your TransUnion credit report
888-EXPERIAN | (888) 397-3742

How do I lift a freeze?

A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it altogether. Contact the credit bureau to temporarily lift or remove the freeze.

If you opt for a temporary lift because you are applying for credit or a job, and you can find out which credit bureau the business will contact for your file, you can save some time by lifting the freeze only at that particular credit bureau. Otherwise, you need to make the request with all three credit bureaus.

Should you have questions about freezing credit, visit a credit bureau website or the Federal Trade Commission – www.consumer.ftc.gov/topics/identity-theft. The Federal Trade Commission is a valuable resource to learn more about protecting your personal and financial information from identity thieves and cyber criminals.

For additional information, contact one of our Customer Service Representative at (916) 567-2899 or (800) 564-7144 or via email at [email protected].

December 23, 2020

Holiday Season Phone and Email Scams

Mobile phone with Amazon logo on the screen

The busy holiday season is here, and while this season may look different due to the pandemic, online shopping is at an all-time high. The increase in online shopping means cyber criminals are busier than ever.

There is a popular scam making its way across the country right now where scammers, purportedly from Amazon or Apple, call or email people conning them out of money or their banking credentials. Below are common variations of this scam and ways you can avoid being a victim.

A phone , green, decorative

Phone Scam Variations

  1. You receive a call and a recorded message says it’s Amazon. The message says there’s something wrong with your account. It could be a suspicious purchase, a lost package, or an order they can’t fulfill.
  2. In another twist on this scam, you get a recorded message that says there’s been suspicious activity in your Apple iCloud account or your account has been breached.

If you get an unexpected call or message about a problem with any of your accounts, hang up.

  • Do not press 1 to speak with customer support.
  • Do not call a phone number they gave you.
  • Do not give out your personal information.

If you think there may actually be a problem with one of your accounts, contact the company directly using a phone number or website you have verified.

Email green, Decorative

Email Scam

You receive an email that appears to be from Amazon notifying you of a problem with your account. The scammer asks for your Amazon login information with the goal of accessing your account. The scammer will then order items and gain personal information.

If you receive an email asking you to click on a link or enter login information, do not take the bait.

  • Do not click on links provided in emails. Instead, open a new web browser window to visit a verified site.
  • Do not enter personal information, including username and password.
  • Do not call phone numbers given in the email. Look for a phone number on the verified website.

To learn more about cyber security and best practices, visit our Safety & Security page. If you feel you may be a victim of a cyber scam, contact our Customer Service team at (916) 567-2899 or (800) 564-7144 or by email at [email protected].

January 21, 2020

File Your Taxes Before Scammers Do It For You

Close up of various tax forms

By Krebs on Security

Close up of various tax forms

It’s that time of year, tax-filing season, also known as the season fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!

Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS. Read the full Krebs on Security article here, and learn more about how fraudsters file phony tax refunds and what you can do to protect yourself.

Should you have any questions about your bank accounts and services, please contact a River City Bank customer service representative at (916) 567-2899.